From caeb7f00284a0ab18b79fb6707c90e85f9e64c8f Mon Sep 17 00:00:00 2001
From: Jonas Sicking <jonas@sicking.cc>
Date: Mon, 22 Oct 2012 18:05:46 -0700
Subject: [PATCH] Bug 786009 - Give about:feeds pages the right principal so
 that they work even when the user has disabled JS. r=bz, a=akeybl

---
 browser/components/about/AboutRedirector.cpp | 23 +++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/browser/components/about/AboutRedirector.cpp b/browser/components/about/AboutRedirector.cpp
index 35cdadac5d17..1fc1f2077169 100644
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -124,11 +124,24 @@ AboutRedirector::NewChannel(nsIURI *aURI, nsIChannel **result)
 
       // Keep the page from getting unnecessary privileges unless it needs them
       if (kRedirMap[i].flags & nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT) {
-        // Setting the owner to null means that we'll go through the normal
-        // path in GetChannelPrincipal and create a codebase principal based
-        // on the channel's originalURI
-        rv = tempChannel->SetOwner(nullptr);
-        NS_ENSURE_SUCCESS(rv, rv);
+        if (path.EqualsLiteral("feeds")) {
+          nsCOMPtr<nsIScriptSecurityManager> securityManager =
+            do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+          NS_ENSURE_SUCCESS(rv, rv);
+  
+          nsCOMPtr<nsIPrincipal> principal;
+          rv = securityManager->GetNoAppCodebasePrincipal(aURI, getter_AddRefs(principal));
+          NS_ENSURE_SUCCESS(rv, rv);
+  
+          rv = tempChannel->SetOwner(principal);
+        }
+        else {
+          // Setting the owner to null means that we'll go through the normal
+          // path in GetChannelPrincipal and create a codebase principal based
+          // on the channel's originalURI
+          rv = tempChannel->SetOwner(nullptr);
+          NS_ENSURE_SUCCESS(rv, rv);
+        }
       }
 
       NS_ADDREF(*result = tempChannel);